Page 16 of 225 results (0.010 seconds)

CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 1

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. Se ha descubierto una desreferencia de dirección inválida en TIFFWriteDirectoryTagTransferfunction en libtiff/tif_dirwrite.c en LibTIFF 4.0.10, que afecta a la función cpSeparateBufToContigBuf en tiffcp.c. Los atacantes remotos podrían aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo tiff manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2833 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39 https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html https://security.gentoo.org/glsa/202003-25 https://usn.ubuntu.com/3906-1 https://usn.ubuntu.com/3906-2 https://www.debian.org/security/2020/dsa-4670 •

CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 1

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. La función TIFFdOpen en tif_unix.c en LibTIFF 4.0.10 tiene una fuga de memoria, tal y como queda demostrado con pal2rgb. • http://bugzilla.maptools.org/show_bug.cgi?id=2836 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8 https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html https://seclists.org/bugtraq/2019/Nov/5 https://security.gentoo.org/glsa/202003-25 https://usn.ubuntu.com/3906-1 https://usn.ubuntu. • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue ** EN DISPUTA ** LibTIFF 4.0.8 tiene múltiples vulnerabilidades de fuga de memoria, lo que permite que los atacantes provoquen una denegación de servicio (consumo de memoria), tal y como queda demostrado con tif_open.c, tif_lzw.c y tif_aux.c. NOTA: los terceros eran incapaces de reproducir el problema. • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html http://seclists.org/fulldisclosure/2018/Dec/32 http://seclists.org/fulldisclosure/2018/Dec/47 http://www.openwall.com/lists/oss-security/2017/11/01/11 http://www.openwall.com/lists/oss-security/2017/11/01/3 http://www.openwall.com/lists/oss-security/2017& • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. En LibTIFF 4.0.9, hay una desreferencia de puntero NULL en la función TIFFWriteDirectorySec en tif_dirwrite.c que conducirá a un ataque de denegación de servicio (DoS), tal y como queda demostrado con tiffset. • http://bugzilla.maptools.org/show_bug.cgi?id=2820 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html http://www.securityfocus.com/bid/105932 https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6IL2QFKE6MGVUTOPU2UUWITTE36KRDF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. Se ha descubierto un problema en LibTIFF 4.0.9. Hay una desreferencia de puntero NULL en la función LZWDecode en tif_lzw.c. • http://bugzilla.maptools.org/show_bug.cgi?id=2819 http://www.securityfocus.com/bid/105762 https://access.redhat.com/errata/RHSA-2019:2053 https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html https://usn.ubuntu.com/3864-1 https://access.redhat.com/security/cve/CVE-2018-18661 https://bugzilla.redhat.com/show_bug.cgi?id=1644448 • CWE-121: Stack-based Buffer Overflow CWE-476: NULL Pointer Dereference •